lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 6 May 2014 13:43:37 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <bugtraq@...urityfocus.com>
Cc: fulldisclosure@...lists.org
Subject: [FD] Beginners error: Piriform's Crap Cleaner^W runs rogue program
	C:\Program.exe

Hi @ll,

Piriform's Crap Cleaner^W creates the following context menu entries
on Windows' recycle bin which run the rogue program "C:\Program.exe"
upon invocation:

[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\CCleaner starten\command]
@="C:\\Program Files\\CCleaner\\ccleaner.exe /AUTO"

[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\CCleaner öffnen...\command]
@="C:\\Program Files\\CCleaner\\ccleaner.exe"


>From <http://msdn.microsoft.com/library/cc144175.aspx>
or <http://msdn.microsoft.com/library/cc144101.aspx>:

| Note: If any element of the command string contains or might contain
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| spaces, it must be enclosed in quotation marks. Otherwise, if the
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| element contains a space, it will not parse correctly.


"Long" filenames containing spaces exist for about 20 years in Windows.
It's REALLY time that every developer and every QA engineer knows how
to handle them properly.


regards
Stefan Kanthak


PS: from <http://www.piriform.com/about>:

| At Piriform we create award-winning software to make your computer
| faster, more secure and have greater privacy. Whether you're cleaning
| out files on your system with CCleaner, ...

I doubt that, especially the "more secure".
I'd but award them with a price for "crap".-P

| All our products are fully tested to the highest standard.

Unfortunately this "highest standard" allows a beginners error to ship
to approximately 1 billion PCs worldwide.


PPS: Piriform also fails to provide an email address on
     <http://www.piriform.com/contact> or elsewhere on their web site!


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ